For a managed system that exists in the TPAM Appliance, how can a Managed Account be created, that uses a Domain Account already managed by TPAM, to authenticate to the PSM session?
To allow a TPAM user to request a Privileged Session to the Managed System that logs in with a domain account, perform the following steps:
Please Note: The following assumes that the Domain Controller and Domain User are already added as Managed System and Managed Account.
1. Create a new account for the Managed System
2. Enter an Alias in the “Account Name” field
3. Do not provide a password
4. Ensure that “Password Management” is set to “None”
5. Click the “Save Changes” button
6. Select the “PSM Details” tab (for some versions this appears as the “EGP Details” tab)
7. Select the “Enable EGP Sessions” checkbox
8. Configure the rest of the General tab accordingly
9. Select the “Session Authentication” tab
10. Click the “Use Windows Domain Account” option and select the Domain account that the PSM session will use to log into the system (the domain user must have permissions on the system to connect via RDP).
Note: if the Domain account is not listed in the drop down then it needs to be added on the "Windows Active Dir" system first.
11. Ensure that the account has correct permissions for a user to request the PSM Session on the Permissions tab (if running version 2.3, please set the permissions on the managed system).
12. Click “Save Changes”
Prior to 2.5.912 this is feature only available for "Windows" systems. After 2.5.912, the functionality has been extended to include the following platforms :
Cisco CATOS, Cisco Pix, Cisco Router (SSH), FreeBSD, H3C, IBM HMC, Nokia IPSO, Tru64, and all Linux / Unix systems.
Additional Note: In the above scenario we set the Password Management to None. If Password Management is required for the Domain User account, please follow the steps detailed in Knowledge Base article 91406 (Link provided below)